Hi Martin
Session variables are not "sent from page to page", but rather stored in memory
using the Session ID. The app (or page) has access to these variables using the
Session ID (Behind the scenes).
If you want to see the information flowing to / from browser then goto
www.planet-source-code.com and search there for "html breakout box". This
little VB6 App will allow you to see the HTML traffic to / from the browser
(via the proxy program). If you don't come right I will look for it and send
you the link.
However you can see the session variables on a ASP page using the following
code (classic ASP) It is made for my environment, but I am sure you will be
able to figure it out:
Sub SFDebug()
REM ------------------------------------------------------------
REM -- Allows a person to see Session and Form Debug Information
rem -- if CANDebug is Enabled
REM ------------------------------------------------------------
Dim strSessionContents 'as String
Dim strFormContents 'as String
Dim strURLContents 'as String
Dim objFIELD 'as
String
Dim formElement 'as
Dim URLElement 'as
If Session("UserDebug") = true and CANDebug=TRUE then
strSessionContents = ""
strFormContents = ""
strURLContents = ""
REM -- Create a list of all Session Varables
On Error Resume Next
For Each objFIELD in Session.Contents
strSessionContents = strSessionContents & _
Left(objFIELD & " ",20) & ":
[" & Session(objFIELD) & "]" & vbcrlf
Next 'objFIELD
On Error Goto 0
REM -- Bread Crumm Add On
Dim DKeys
Dim DItems
Dim I
Dim DictTmp
If IsObject(Session("Dictionary")) then
Set DictTmp = Session("Dictionary")
DKeys = DictTmp.Keys
DItems = DictTmp.Items
For i = 0 To DictTmp.Count -1
strSessionContents =
strSessionContents & _
Left("Dict(" & DKeys(I) & ")
",30) & ": [" & DItems(I) & "]" & vbcrlf
'Response.Write "Dict." &
DItems(I) & " = [" & DKeys(I) & "]<br>"
Next 'I
Set DictTmp = Nothing
end if
REM -- Bread Crumm Add On TILL HERE
REM -- Create a list of all Used Form Elements
strFormContents = ""
For Each formElement In Request.Form
strFormContents = strFormContents & _
Left(formElement & " ",20) & ": [" &
Request.form(formElement) & "]" & vbcrlf
Next 'formElement
REM -- Create a list of all Used URL Elements
(QueryString)
strURLContents = ""
For Each URLElement In Request.QueryString
strURLContents = strURLContents & _
Left(URLElement & " ",20) & ": [" &
Request.QueryString(URLElement) & "]" & vbcrlf
Next
Response.Write "<div style=""BACKGROUND-COLOR: #ffffbb;
font-size:10px"">" & _
"<pre>" & _
"Session Variables" & vbcrlf & _
"-----------------" & vbcrlf & _
strSessionContents & vbcrlf & _
"Form Variables" & vbcrlf & _
"---------" & vbcrlf & _
strFormContents & vbcrlf & _
"URL Variables" & vbcrlf & _
"-----------------" & vbcrlf & _
strURLContents & vbcrlf & _
"</pre>" & _
"</div>"
end if
end Sub
-----Original Message-----
From: Bénoni MARTIN [mailto:Benoni.MARTIN@libertis.ga]
Sent: 25 November 2004 10:22
To: webappsec@securityfocus.com
Subject: IIS session & application variables
Hi list !
I was wondering if someone knows about a tool that can get the
application/session variables on my IIS session ...
Lets' me explain: I've got an IIS server, and some application & session
variables defined in my global.asa. I think these variables are sent from one
page to another one, and I was wondering if there is a tool that displays me
these variables (session and application variables).
Any clue would be helpful !
Thanks in advance !
Confidentiality Warning
=======================
The contents of this e-mail and any accompanying documentation
are confidential and any use thereof, in what ever form, by anyone
other than the addressee is strictly prohibited.
